Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/tGMWgzTNJRuIlsP2oMLwkMbLAjI.roa
File:                     tGMWgzTNJRuIlsP2oMLwkMbLAjI.roa (raw, json)
Hash identifier:          WsO2qTftzVAnNyQZIcsqrIts3J/E0aqj5BV6X1E7whs=
Subject key identifier:   B4:63:16:83:34:CD:25:1B:88:96:C3:F6:A0:C2:F0:90:C6:CB:02:32
Certificate issuer:       /CN=b68f940f1cc577f370f28428850dc7bf7418f121
Certificate serial:       01930249584F3622980646C2E0087459E0BB
Authority key identifier: B6:8F:94:0F:1C:C5:77:F3:70:F2:84:28:85:0D:C7:BF:74:18:F1:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/tGMWgzTNJRuIlsP2oMLwkMbLAjI.roa
Signing time:             Wed 06 Nov 2024 16:23:01 +0000
ROA not before:           Wed 06 Nov 2024 16:23:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35280
IP address blocks:        193.26.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:49:58:4f:36:22:98:06:46:c2:e0:08:74:59:e0:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b68f940f1cc577f370f28428850dc7bf7418f121
        Validity
            Not Before: Nov  6 16:23:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b463168334cd251b8896c3f6a0c2f090c6cb0232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:34:1a:56:c7:f5:ca:cb:ef:e4:74:06:0c:b5:
                    cc:8f:12:48:87:f5:f4:05:c2:31:0d:44:ef:dc:59:
                    f7:8d:fe:bc:48:95:d6:88:e3:78:53:1d:f2:bb:2d:
                    46:a9:6b:f8:f1:1e:fa:81:8b:86:49:ef:de:5b:a5:
                    cd:8e:64:ed:6e:8d:c4:cc:2f:9b:35:85:6d:36:5e:
                    3b:34:78:4f:b8:6b:e9:02:41:5d:3d:bf:9e:ed:61:
                    7f:30:f1:f4:ba:44:a6:f9:33:6e:5f:19:d7:b3:a9:
                    74:ef:91:f1:87:e3:67:9a:0b:37:f6:0f:e4:f3:a3:
                    3d:37:7a:98:fc:d7:77:08:3b:98:bb:ba:60:63:f4:
                    a6:dd:df:44:3d:c1:35:b1:2a:35:23:94:36:ed:82:
                    76:63:97:ca:80:e9:1f:70:af:d8:8e:c0:b8:63:3b:
                    87:53:8e:8f:36:8b:88:cd:8e:d9:85:c1:3c:04:f8:
                    eb:bb:a6:c7:0e:99:bc:dc:43:f1:05:9b:34:e7:f7:
                    bd:a4:5a:7c:cf:a4:66:44:2f:49:ab:50:e1:f2:ab:
                    79:86:d8:92:17:c8:ea:f8:2b:34:1e:c9:b8:bd:71:
                    92:26:f2:87:75:b1:3f:1f:8d:05:70:88:42:19:84:
                    23:a9:41:eb:6a:16:d4:d8:1c:6f:79:e0:37:7d:5c:
                    03:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:63:16:83:34:CD:25:1B:88:96:C3:F6:A0:C2:F0:90:C6:CB:02:32
            X509v3 Authority Key Identifier:
                keyid:B6:8F:94:0F:1C:C5:77:F3:70:F2:84:28:85:0D:C7:BF:74:18:F1:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/tGMWgzTNJRuIlsP2oMLwkMbLAjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:fd:37:89:23:db:f3:da:bc:3c:61:23:28:5a:23:34:86:24:
         93:f3:ff:83:d6:10:05:4a:ab:ae:78:c4:23:71:b3:2b:5f:fe:
         58:79:ca:c6:3b:7e:22:e6:47:95:66:68:e8:44:5c:7e:34:1f:
         85:50:d3:80:4a:87:76:30:5b:7e:b3:e9:63:e8:1f:13:89:42:
         7c:07:e6:12:89:15:d0:ae:0e:ce:74:dc:86:30:96:0e:39:18:
         bb:b7:3e:49:68:37:7d:7e:ad:3c:88:02:53:8d:08:98:98:f2:
         c8:0b:9c:68:69:f3:e9:64:3d:96:03:7a:e1:a9:15:68:7c:d3:
         75:3f:79:35:80:d3:3f:70:76:93:a9:36:e3:03:bf:9e:ad:ce:
         36:e4:e1:34:cf:4f:dd:67:53:a8:1a:8e:48:df:4d:25:f9:7f:
         38:d1:26:ec:51:25:ad:7b:b4:95:eb:ce:56:ef:32:9d:f1:5c:
         79:80:91:1a:49:ff:7c:89:a3:4f:46:f0:cd:89:db:5a:19:98:
         78:dd:1f:13:4e:a8:c7:3e:26:f6:be:c7:4e:28:8b:e0:2d:16:
         46:c2:24:74:45:75:b6:bf:a4:4a:4a:f8:7b:72:f4:6e:1c:b0:
         6c:9c:39:d9:e8:1c:07:f0:49:47:6b:6b:a4:45:dc:61:63:0b:
         14:90:1e:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMCSVhPNiKYBkbC4Ah0WeC7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OGY5NDBmMWNjNTc3ZjM3MGYyODQyODg1MGRjN2JmNzQx
OGYxMjEwHhcNMjQxMTA2MTYyMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDYzMTY4MzM0Y2QyNTFiODg5NmMzZjZhMGMyZjA5MGM2Y2IwMjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTQaVsf1ysvv5HQGDLXMjxJIh/X0
BcIxDUTv3Fn3jf68SJXWiON4Ux3yuy1GqWv48R76gYuGSe/eW6XNjmTtbo3EzC+b
NYVtNl47NHhPuGvpAkFdPb+e7WF/MPH0ukSm+TNuXxnXs6l075Hxh+Nnmgs39g/k
86M9N3qY/Nd3CDuYu7pgY/Sm3d9EPcE1sSo1I5Q27YJ2Y5fKgOkfcK/YjsC4YzuH
U46PNouIzY7ZhcE8BPjru6bHDpm83EPxBZs05/e9pFp8z6RmRC9Jq1Dh8qt5htiS
F8jq+Cs0Hsm4vXGSJvKHdbE/H40FcIhCGYQjqUHrahbU2BxveeA3fVwDqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRjFoM0zSUbiJbD9qDC8JDGywIyMB8GA1UdIwQY
MBaAFLaPlA8cxXfzcPKEKIUNx790GPEhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG8tVUR4ekZkX053OG9Rb2hRM0h2M1FZOFNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC80YjJjMjMtZjUzNS00YjZkLWE0NDUt
ZTA0ZGFjNjFjZTlkLzEvdEdNV2d6VE5KUnVJbHNQMm9NTHdrTWJMQWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC80YjJjMjMtZjUzNS00YjZkLWE0NDUtZTA0ZGFjNjFjZTlk
LzEvdG8tVUR4ekZkX053OG9Rb2hRM0h2M1FZOFNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRp9MA0G
CSqGSIb3DQEBCwUAA4IBAQAN/TeJI9vz2rw8YSMoWiM0hiST8/+D1hAFSquueMQj
cbMrX/5YecrGO34i5keVZmjoRFx+NB+FUNOASod2MFt+s+lj6B8TiUJ8B+YSiRXQ
rg7OdNyGMJYOORi7tz5JaDd9fq08iAJTjQiYmPLIC5xoafPpZD2WA3rhqRVofNN1
P3k1gNM/cHaTqTbjA7+erc425OE0z0/dZ1OoGo5I300l+X840SbsUSWte7SV685W
7zKd8Vx5gJEaSf98iaNPRvDNidtaGZh43R8TTqjHPib2vsdOKIvgLRZGwiR0RXW2
v6RKSvh7cvRuHLBsnDnZ6BwH8ElHa2ukRdxhYwsUkB7o
-----END CERTIFICATE-----